package com.example.common.xss;


public class SequenceTool {

    /**
     * 将容易引起xss漏洞的半角字符直接替换成全角字符 在保证不删除数据的情况下保存
     *
     * @param value
     * @return 过滤后的值
     */
    public static Object xssEncode(Object value) {
        if (SequenceTool.isEmpty(value)) {
            return value;
        }
        if (value instanceof String) {
            String res = (String) value;
            System.out.println("替换参数危险字符开始：" + res);
            res = res.replaceAll("eval\\((.*)\\)", "");
            res = res.replaceAll("[\\\"\\\'][\\s]*javascript:(.*)[\\\"\\\']", "\"\"");
            res = res.replaceAll("(?i)<script.*?>.*?<script.*?>", "");
            res = res.replaceAll("(?i)<script.*?>.*?</script.*?>", "");
            res = res.replaceAll("(?i)<.*?javascript:.*?>.*?</.*?>", "");
            res = res.replaceAll("(?i)<.*?\\s+on.*?>.*?</.*?>", "");
            res = res.replaceAll("[|&;$%'\"\\'\\\"<>()\n\t\\\\]", "");
            System.out.println("替换参数危险字符结束：" + res);
            return res;
        }
        return value;
    }

    /**
     * 判断null或者 空字符串
     * @param obj
     * @return boolean
     */
    public static boolean isEmpty(Object obj) {
        if (obj == null || obj.toString().equals("")) {
            return true;
        } else {
            return false;
        }
    }
}
